Commit graph

43217 commits

Author SHA1 Message Date
Eric Biggers
7d16e880c6 Revert "ext4: require encryption feature for EXT4_IOC_SET_ENCRYPTION_POLICY"
This reverts commit e2968fb8e7.

For various reasons, we've had to start enforcing upstream that ext4
encryption can only be used if the filesystem superblock has the
EXT4_FEATURE_INCOMPAT_ENCRYPT flag set, as was the intended design.
Unfortunately, Android isn't ready for this quite yet, since its
userspace still needs to be updated to set the flag at mkfs time, or
else fix it later with tune2fs.  It will need some more time to be fixed
properly, so for now to avoid breaking some devices, revert the kernel
change.

Bug: 36231741
Signed-off-by: Eric Biggers <ebiggers@google.com>
Change-Id: I30bd54afb68dbaf9801f8954099dffa90a2f8df1
2017-05-30 21:17:57 +00:00
Daniel Rosenberg
d73d07673e ANDROID: mnt: Fix next_descendent
next_descendent did not properly handle the case
where the initial mount had no slaves. In this case,
we would look for the next slave, but since don't
have a master, the check for wrapping around to the
start of the list will always fail. Instead, we check
for this case, and ensure that we end the iteration
when we come back to the root.

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 62094374
Change-Id: I43dfcee041aa3730cb4b9a1161418974ef84812e
2017-05-29 19:11:06 -07:00
Greg Kroah-Hartman
9bc462220d This is the 4.4.70 stable release
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlkm0zAACgkQONu9yGCS
 aT5QnxAAh9uZYFJtQ7wYngD7cQcDH1KVztqEYxCP5OtxzAZBrSNBufLdhKBbc1ZP
 C04Mo+FzzNiJtBwkmlOqYaEPYUSx/uwCEk9mNX85VtchIhKBrwWF7GxkeXCPs6e5
 yP5TUXmxbbSp3qM4q2Z4XSW8eEPZ2l3zoy0fkjz2kS02e4RW0yQ34dvzw0BG2urr
 +9ocyVjDBoU3QNKyVw3fd1AltKesSZK0fa2vEO+TOTW6Bm3xD4egCJdOzu9saUwK
 hfSKXsJ0/pf1r1iyfz2foR/Hi3i4j6vRqnneyqozT7nxEJEuBQ3B5WhnsbDfzrXu
 +CY23KBkDkQ1RBngmtTQd3ABHEN1E2StpBImG5RUr+5giV6/e4rdz0/HWGMvCvAz
 iWqXdgZNdCnc96HPEWaDGUKxndCxsiaJOhgZwW2zm/0drVWRE+vjsOmFLyUp2Ky1
 1vnKfwlvTFU4xjQ5H44AuuSHQsv+GNEtPPIHrbBv/wg90/2VuF0aYuNYjHSsc4Ca
 3YM53S6/sjQqmsKixWboax8Kh2wRrEuFbqSFQV64JjFpGau61JQFMtRNl4+FFXzm
 Cm+26Fan4Wtyo5zB9xnBZbDwCOXqwTXQYUP2SejtObq+Uk2tXxF05emeta9pURF3
 vdgv6N0cTPm4K3VZyBZvj8JitEr2OEaIxoUqE2BXkA1MPmbqOoI=
 =Z1no
 -----END PGP SIGNATURE-----

Merge 4.4.70 into android-4.4

Changes in 4.4.70
	usb: misc: legousbtower: Fix buffers on stack
	usb: misc: legousbtower: Fix memory leak
	USB: ene_usb6250: fix DMA to the stack
	watchdog: pcwd_usb: fix NULL-deref at probe
	char: lp: fix possible integer overflow in lp_setup()
	USB: core: replace %p with %pK
	ARM: tegra: paz00: Mark panel regulator as enabled on boot
	tpm_crb: check for bad response size
	infiniband: call ipv6 route lookup via the stub interface
	dm btree: fix for dm_btree_find_lowest_key()
	dm raid: select the Kconfig option CONFIG_MD_RAID0
	dm bufio: avoid a possible ABBA deadlock
	dm bufio: check new buffer allocation watermark every 30 seconds
	dm cache metadata: fail operations if fail_io mode has been established
	dm bufio: make the parameter "retain_bytes" unsigned long
	dm thin metadata: call precommit before saving the roots
	dm space map disk: fix some book keeping in the disk space map
	md: update slab_cache before releasing new stripes when stripes resizing
	rtlwifi: rtl8821ae: setup 8812ae RFE according to device type
	mwifiex: pcie: fix cmd_buf use-after-free in remove/reset
	ima: accept previously set IMA_NEW_FILE
	KVM: x86: Fix load damaged SSEx MXCSR register
	KVM: X86: Fix read out-of-bounds vulnerability in kvm pio emulation
	regulator: tps65023: Fix inverted core enable logic.
	s390/kdump: Add final note
	s390/cputime: fix incorrect system time
	ath9k_htc: Add support of AirTies 1eda:2315 AR9271 device
	ath9k_htc: fix NULL-deref at probe
	drm/amdgpu: Avoid overflows/divide-by-zero in latency_watermark calculations.
	drm/amdgpu: Make display watermark calculations more accurate
	drm/nouveau/therm: remove ineffective workarounds for alarm bugs
	drm/nouveau/tmr: ack interrupt before processing alarms
	drm/nouveau/tmr: fix corruption of the pending list when rescheduling an alarm
	drm/nouveau/tmr: avoid processing completed alarms when adding a new one
	drm/nouveau/tmr: handle races with hw when updating the next alarm time
	cdc-acm: fix possible invalid access when processing notification
	proc: Fix unbalanced hard link numbers
	of: fix sparse warning in of_pci_range_parser_one
	iio: dac: ad7303: fix channel description
	pid_ns: Sleep in TASK_INTERRUPTIBLE in zap_pid_ns_processes
	pid_ns: Fix race between setns'ed fork() and zap_pid_ns_processes()
	USB: serial: ftdi_sio: fix setting latency for unprivileged users
	USB: serial: ftdi_sio: add Olimex ARM-USB-TINY(H) PIDs
	ext4 crypto: don't let data integrity writebacks fail with ENOMEM
	ext4 crypto: fix some error handling
	net: qmi_wwan: Add SIMCom 7230E
	fscrypt: fix context consistency check when key(s) unavailable
	f2fs: check entire encrypted bigname when finding a dentry
	fscrypt: avoid collisions when presenting long encrypted filenames
	sched/fair: Do not announce throttled next buddy in dequeue_task_fair()
	sched/fair: Initialize throttle_count for new task-groups lazily
	usb: host: xhci-plat: propagate return value of platform_get_irq()
	xhci: apply PME_STUCK_QUIRK and MISSING_CAS quirk for Denverton
	usb: host: xhci-mem: allocate zeroed Scratchpad Buffer
	net: irda: irda-usb: fix firmware name on big-endian hosts
	usbvision: fix NULL-deref at probe
	mceusb: fix NULL-deref at probe
	ttusb2: limit messages to buffer size
	usb: musb: tusb6010_omap: Do not reset the other direction's packet size
	USB: iowarrior: fix info ioctl on big-endian hosts
	usb: serial: option: add Telit ME910 support
	USB: serial: qcserial: add more Lenovo EM74xx device IDs
	USB: serial: mct_u232: fix big-endian baud-rate handling
	USB: serial: io_ti: fix div-by-zero in set_termios
	USB: hub: fix SS hub-descriptor handling
	USB: hub: fix non-SS hub-descriptor handling
	ipx: call ipxitf_put() in ioctl error path
	iio: proximity: as3935: fix as3935_write
	ceph: fix recursion between ceph_set_acl() and __ceph_setattr()
	gspca: konica: add missing endpoint sanity check
	s5p-mfc: Fix unbalanced call to clock management
	dib0700: fix NULL-deref at probe
	zr364xx: enforce minimum size when reading header
	dvb-frontends/cxd2841er: define symbol_rate_min/max in T/C fe-ops
	cx231xx-audio: fix init error path
	cx231xx-audio: fix NULL-deref at probe
	cx231xx-cards: fix NULL-deref at probe
	powerpc/book3s/mce: Move add_taint() later in virtual mode
	powerpc/pseries: Fix of_node_put() underflow during DLPAR remove
	powerpc/64e: Fix hang when debugging programs with relocated kernel
	ARM: dts: at91: sama5d3_xplained: fix ADC vref
	ARM: dts: at91: sama5d3_xplained: not all ADC channels are available
	arm64: xchg: hazard against entire exchange variable
	arm64: uaccess: ensure extension of access_ok() addr
	arm64: documentation: document tagged pointer stack constraints
	xc2028: Fix use-after-free bug properly
	mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp
	staging: rtl8192e: fix 2 byte alignment of register BSSIDR.
	staging: rtl8192e: rtl92e_get_eeprom_size Fix read size of EPROM_CMD.
	iommu/vt-d: Flush the IOTLB to get rid of the initial kdump mappings
	metag/uaccess: Fix access_ok()
	metag/uaccess: Check access_ok in strncpy_from_user
	uwb: fix device quirk on big-endian hosts
	genirq: Fix chained interrupt data ordering
	osf_wait4(): fix infoleak
	tracing/kprobes: Enforce kprobes teardown after testing
	PCI: Fix pci_mmap_fits() for HAVE_PCI_RESOURCE_TO_USER platforms
	PCI: Freeze PME scan before suspending devices
	drm/edid: Add 10 bpc quirk for LGD 764 panel in HP zBook 17 G2
	nfsd: encoders mustn't use unitialized values in error cases
	drivers: char: mem: Check for address space wraparound with mmap()
	Linux 4.4.70

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2017-05-25 17:31:28 +02:00
J. Bruce Fields
52cf247694 nfsd: encoders mustn't use unitialized values in error cases
commit f961e3f2acae94b727380c0b74e2d3954d0edf79 upstream.

In error cases, lgp->lg_layout_type may be out of bounds; so we
shouldn't be using it until after the check of nfserr.

This was seen to crash nfsd threads when the server receives a LAYOUTGET
request with a large layout type.

GETDEVICEINFO has the same problem.

Reported-by: Ari Kauppi <Ari.Kauppi@synopsys.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-25 14:30:18 +02:00
Yan, Zheng
04f522476a ceph: fix recursion between ceph_set_acl() and __ceph_setattr()
commit 8179a101eb5f4ef0ac9a915fcea9a9d3109efa90 upstream.

ceph_set_acl() calls __ceph_setattr() if the setacl operation needs
to modify inode's i_mode. __ceph_setattr() updates inode's i_mode,
then calls posix_acl_chmod().

The problem is that __ceph_setattr() calls posix_acl_chmod() before
sending the setattr request. The get_acl() call in posix_acl_chmod()
can trigger a getxattr request. The reply of the getxattr request
can restore inode's i_mode to its old value. The set_acl() call in
posix_acl_chmod() sees old value of inode's i_mode, so it calls
__ceph_setattr() again.

Cc: stable@vger.kernel.org # needs backporting for < 4.9
Link: http://tracker.ceph.com/issues/19688
Reported-by: Jerry Lee <leisurelysw24@gmail.com>
Signed-off-by: "Yan, Zheng" <zyan@redhat.com>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Tested-by: Luis Henriques <lhenriques@suse.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
[luis: introduce __ceph_setattr() and make ceph_set_acl() call it, as
 suggested by Yan.]
Signed-off-by: Luis Henriques <lhenriques@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: “Yan, Zheng” <zyan@redhat.com>
2017-05-25 14:30:13 +02:00
Eric Biggers
ae3d7b8931 fscrypt: avoid collisions when presenting long encrypted filenames
commit 6b06cdee81d68a8a829ad8e8d0f31d6836744af9 upstream.

When accessing an encrypted directory without the key, userspace must
operate on filenames derived from the ciphertext names, which contain
arbitrary bytes.  Since we must support filenames as long as NAME_MAX,
we can't always just base64-encode the ciphertext, since that may make
it too long.  Currently, this is solved by presenting long names in an
abbreviated form containing any needed filesystem-specific hashes (e.g.
to identify a directory block), then the last 16 bytes of ciphertext.
This needs to be sufficient to identify the actual name on lookup.

However, there is a bug.  It seems to have been assumed that due to the
use of a CBC (ciphertext block chaining)-based encryption mode, the last
16 bytes (i.e. the AES block size) of ciphertext would depend on the
full plaintext, preventing collisions.  However, we actually use CBC
with ciphertext stealing (CTS), which handles the last two blocks
specially, causing them to appear "flipped".  Thus, it's actually the
second-to-last block which depends on the full plaintext.

This caused long filenames that differ only near the end of their
plaintexts to, when observed without the key, point to the wrong inode
and be undeletable.  For example, with ext4:

    # echo pass | e4crypt add_key -p 16 edir/
    # seq -f "edir/abcdefghijklmnopqrstuvwxyz012345%.0f" 100000 | xargs touch
    # find edir/ -type f | xargs stat -c %i | sort | uniq | wc -l
    100000
    # sync
    # echo 3 > /proc/sys/vm/drop_caches
    # keyctl new_session
    # find edir/ -type f | xargs stat -c %i | sort | uniq | wc -l
    2004
    # rm -rf edir/
    rm: cannot remove 'edir/_A7nNFi3rhkEQlJ6P,hdzluhODKOeWx5V': Structure needs cleaning
    ...

To fix this, when presenting long encrypted filenames, encode the
second-to-last block of ciphertext rather than the last 16 bytes.

Although it would be nice to solve this without depending on a specific
encryption mode, that would mean doing a cryptographic hash like SHA-256
which would be much less efficient.  This way is sufficient for now, and
it's still compatible with encryption modes like HEH which are strong
pseudorandom permutations.  Also, changing the presented names is still
allowed at any time because they are only provided to allow applications
to do things like delete encrypted directories.  They're not designed to
be used to persistently identify files --- which would be hard to do
anyway, given that they're encrypted after all.

For ease of backports, this patch only makes the minimal fix to both
ext4 and f2fs.  It leaves ubifs as-is, since ubifs doesn't compare the
ciphertext block yet.  Follow-on patches will clean things up properly
and make the filesystems use a shared helper function.

Fixes: 5de0b4d0cd ("ext4 crypto: simplify and speed up filename encryption")
Reported-by: Gwendal Grignou <gwendal@chromium.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-25 14:30:11 +02:00
Jaegeuk Kim
129a883b01 f2fs: check entire encrypted bigname when finding a dentry
commit 6332cd32c8290a80e929fc044dc5bdba77396e33 upstream.

If user has no key under an encrypted dir, fscrypt gives digested dentries.
Previously, when looking up a dentry, f2fs only checks its hash value with
first 4 bytes of the digested dentry, which didn't handle hash collisions fully.
This patch enhances to check entire dentry bytes likewise ext4.

Eric reported how to reproduce this issue by:

 # seq -f "edir/abcdefghijklmnopqrstuvwxyz012345%.0f" 100000 | xargs touch
 # find edir -type f | xargs stat -c %i | sort | uniq | wc -l
100000
 # sync
 # echo 3 > /proc/sys/vm/drop_caches
 # keyctl new_session
 # find edir -type f | xargs stat -c %i | sort | uniq | wc -l
99999

Cc: <stable@vger.kernel.org>
Reported-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
(fixed f2fs_dentry_hash() to work even when the hash is 0)
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-25 14:30:11 +02:00
Eric Biggers
269d8211c4 fscrypt: fix context consistency check when key(s) unavailable
commit 272f98f6846277378e1758a49a49d7bf39343c02 upstream.

To mitigate some types of offline attacks, filesystem encryption is
designed to enforce that all files in an encrypted directory tree use
the same encryption policy (i.e. the same encryption context excluding
the nonce).  However, the fscrypt_has_permitted_context() function which
enforces this relies on comparing struct fscrypt_info's, which are only
available when we have the encryption keys.  This can cause two
incorrect behaviors:

1. If we have the parent directory's key but not the child's key, or
   vice versa, then fscrypt_has_permitted_context() returned false,
   causing applications to see EPERM or ENOKEY.  This is incorrect if
   the encryption contexts are in fact consistent.  Although we'd
   normally have either both keys or neither key in that case since the
   master_key_descriptors would be the same, this is not guaranteed
   because keys can be added or removed from keyrings at any time.

2. If we have neither the parent's key nor the child's key, then
   fscrypt_has_permitted_context() returned true, causing applications
   to see no error (or else an error for some other reason).  This is
   incorrect if the encryption contexts are in fact inconsistent, since
   in that case we should deny access.

To fix this, retrieve and compare the fscrypt_contexts if we are unable
to set up both fscrypt_infos.

While this slightly hurts performance when accessing an encrypted
directory tree without the key, this isn't a case we really need to be
optimizing for; access *with* the key is much more important.
Furthermore, the performance hit is barely noticeable given that we are
already retrieving the fscrypt_context and doing two keyring searches in
fscrypt_get_encryption_info().  If we ever actually wanted to optimize
this case we might start by caching the fscrypt_contexts.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-25 14:30:11 +02:00
Dan Carpenter
22823e9519 ext4 crypto: fix some error handling
commit 4762cc3fbbd89e5fd316d6e4d3244a8984444f8d upstream.

We should be testing for -ENOMEM but the minus sign is missing.

Fixes: c9af28fdd449 ('ext4 crypto: don't let data integrity writebacks fail with ENOMEM')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-25 14:30:11 +02:00
Theodore Ts'o
0a76f023e6 ext4 crypto: don't let data integrity writebacks fail with ENOMEM
commit c9af28fdd44922a6c10c9f8315718408af98e315 upstream.

We don't want the writeback triggered from the journal commit (in
data=writeback mode) to cause the journal to abort due to
generic_writepages() returning an ENOMEM error.  In addition, if
fsync() fails with ENOMEM, most applications will probably not do the
right thing.

So if we are doing a data integrity sync, and ext4_encrypt() returns
ENOMEM, we will submit any queued I/O to date, and then retry the
allocation using GFP_NOFAIL.

Google-Bug-Id: 27641567

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-25 14:30:11 +02:00
Takashi Iwai
0009593163 proc: Fix unbalanced hard link numbers
commit d66bb1607e2d8d384e53f3d93db5c18483c8c4f7 upstream.

proc_create_mount_point() forgot to increase the parent's nlink, and
it resulted in unbalanced hard link numbers, e.g. /proc/fs shows one
less than expected.

Fixes: eb6d38d542 ("proc: Allow creating permanently empty directories...")
Reported-by: Tristan Ye <tristan.ye@suse.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-25 14:30:10 +02:00
Daniel Rosenberg
a533221d29 ANDROID: sdcardfs: Check for NULL in revalidate
If the inode is in the process of being evicted,
the top value may be NULL.

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 38502532
Change-Id: I0b9d04aab621e0398d44d1c5dc53293106aa5f89
2017-05-23 00:18:43 +00:00
Greg Kroah-Hartman
b2fc10e724 This is the 4.4.69 stable release
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlkgNjAACgkQONu9yGCS
 aT5BNhAAvs5FwuKjmq+KLXs2ofB7REnq1xBjcm8Y7gnFo+7+slrgOyrGH4fpWArP
 55pU9YelY/DZzSjZ/hYkp/fI/TCZskgV+T/IIRhPlpAHIDRCnFfVqNpY6Oijo1jw
 ZcuggPUjo6OqV3yB6FRm8OKnaux4bZBi63TGom+0UpGEEzTW0LfwA8mK2yAmlgWm
 huVPuHRxBSHjxaie2s/8wwmbFfJZ+MwtaRFDNFiPayVuRb2zZBfDVUVEoVNlkGNL
 wfnTJ4UpjyBkMiOEoNao7DtmlLttuysAZ4LKqL2VsfcDZ7RzuwZ7okM1rxW1W7F8
 TTHKz9NXfqNEPTYhHHfwnHGhpzuZEYqeXRzCoddfQMuDdTkdbpscLd4gobosQJR7
 NL25MKL4wcI/7366qnq0Fa0J4pmNDd6LO1knOz4OR7sNFJ4C1TUVmzUryJuSA3UO
 8OGJ0qMJzJHUgoNByHdrs9cbxiQmTRcACA9MnizBPtz+ciiyvUUfY4dTEnlQIFOl
 PZhtux5wC/UdhZjfUzwBt2fD/kUHg4OHdPoEWVp0E0U/H7SbSllyeX+qKFZomfzm
 UUqSU823sGe/VQtoiLtH9fSqUmfARmU64pthgOuvGk8qBLyl6mkGApj+XtkBcozG
 lNE0AgWs+NnZyEPfMJIAyxxyko5Dy9I4TpX9/fjCWkQH7NrHqwM=
 =eKGw
 -----END PGP SIGNATURE-----

Merge 4.4.69 into android-4.4

Changes in 4.4.69
	xen: adjust early dom0 p2m handling to xen hypervisor behavior
	target: Fix compare_and_write_callback handling for non GOOD status
	target/fileio: Fix zero-length READ and WRITE handling
	target: Convert ACL change queue_depth se_session reference usage
	iscsi-target: Set session_fall_back_to_erl0 when forcing reinstatement
	usb: host: xhci: print correct command ring address
	USB: serial: ftdi_sio: add device ID for Microsemi/Arrow SF2PLUS Dev Kit
	USB: Proper handling of Race Condition when two USB class drivers try to call init_usb_class simultaneously
	staging: vt6656: use off stack for in buffer USB transfers.
	staging: vt6656: use off stack for out buffer USB transfers.
	staging: gdm724x: gdm_mux: fix use-after-free on module unload
	staging: comedi: jr3_pci: fix possible null pointer dereference
	staging: comedi: jr3_pci: cope with jiffies wraparound
	usb: misc: add missing continue in switch
	usb: Make sure usb/phy/of gets built-in
	usb: hub: Fix error loop seen after hub communication errors
	usb: hub: Do not attempt to autosuspend disconnected devices
	x86/boot: Fix BSS corruption/overwrite bug in early x86 kernel startup
	selftests/x86/ldt_gdt_32: Work around a glibc sigaction() bug
	x86, pmem: Fix cache flushing for iovec write < 8 bytes
	um: Fix PTRACE_POKEUSER on x86_64
	KVM: x86: fix user triggerable warning in kvm_apic_accept_events()
	KVM: arm/arm64: fix races in kvm_psci_vcpu_on
	block: fix blk_integrity_register to use template's interval_exp if not 0
	crypto: algif_aead - Require setkey before accept(2)
	dm era: save spacemap metadata root after the pre-commit
	vfio/type1: Remove locked page accounting workqueue
	IB/core: Fix sysfs registration error flow
	IB/IPoIB: ibX: failed to create mcg debug file
	IB/mlx4: Fix ib device initialization error flow
	IB/mlx4: Reduce SRIOV multicast cleanup warning message to debug level
	ext4: evict inline data when writing to memory map
	fs/xattr.c: zero out memory copied to userspace in getxattr
	ceph: fix memory leak in __ceph_setxattr()
	fs/block_dev: always invalidate cleancache in invalidate_bdev()
	Set unicode flag on cifs echo request to avoid Mac error
	SMB3: Work around mount failure when using SMB3 dialect to Macs
	CIFS: fix mapping of SFM_SPACE and SFM_PERIOD
	cifs: fix CIFS_IOC_GET_MNT_INFO oops
	CIFS: add misssing SFM mapping for doublequote
	padata: free correct variable
	arm64: KVM: Fix decoding of Rt/Rt2 when trapping AArch32 CP accesses
	serial: samsung: Use right device for DMA-mapping calls
	serial: omap: fix runtime-pm handling on unbind
	serial: omap: suspend device on probe errors
	tty: pty: Fix ldisc flush after userspace become aware of the data already
	Bluetooth: Fix user channel for 32bit userspace on 64bit kernel
	Bluetooth: hci_bcm: add missing tty-device sanity check
	Bluetooth: hci_intel: add missing tty-device sanity check
	mac80211: pass RX aggregation window size to driver
	mac80211: pass block ack session timeout to to driver
	mac80211: RX BA support for sta max_rx_aggregation_subframes
	wlcore: Pass win_size taken from ieee80211_sta to FW
	wlcore: Add RX_BA_WIN_SIZE_CHANGE_EVENT event
	ipmi: Fix kernel panic at ipmi_ssif_thread()
	Linux 4.4.69

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2017-05-21 19:01:22 +02:00
Björn Jacke
9f4ba9062c CIFS: add misssing SFM mapping for doublequote
commit 85435d7a15294f9f7ef23469e6aaf7c5dfcc54f0 upstream.

SFM is mapping doublequote to 0xF020

Without this patch creating files with doublequote fails to Windows/Mac

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Signed-off-by: Steve French <smfrench@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-20 14:27:01 +02:00
David Disseldorp
9a40506699 cifs: fix CIFS_IOC_GET_MNT_INFO oops
commit d8a6e505d6bba2250852fbc1c1c86fe68aaf9af3 upstream.

An open directory may have a NULL private_data pointer prior to readdir.

Fixes: 0de1f4c6f6 ("Add way to query server fs info for smb3")
Signed-off-by: David Disseldorp <ddiss@suse.de>
Signed-off-by: Steve French <smfrench@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-20 14:27:01 +02:00
Björn Jacke
a8900a64ea CIFS: fix mapping of SFM_SPACE and SFM_PERIOD
commit b704e70b7cf48f9b67c07d585168e102dfa30bb4 upstream.

- trailing space maps to 0xF028
- trailing period maps to 0xF029

This fix corrects the mapping of file names which have a trailing character
that would otherwise be illegal (period or space) but is allowed by POSIX.

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Signed-off-by: Steve French <smfrench@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-20 14:27:01 +02:00
Steve French
b85fa4129e SMB3: Work around mount failure when using SMB3 dialect to Macs
commit 7db0a6efdc3e990cdfd4b24820d010e9eb7890ad upstream.

Macs send the maximum buffer size in response on ioctl to validate
negotiate security information, which causes us to fail the mount
as the response buffer is larger than the expected response.

Changed ioctl response processing to allow for padding of validate
negotiate ioctl response and limit the maximum response size to
maximum buffer size.

Signed-off-by: Steve French <steve.french@primarydata.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-20 14:27:01 +02:00
Steve French
89d23005fd Set unicode flag on cifs echo request to avoid Mac error
commit 26c9cb668c7fbf9830516b75d8bee70b699ed449 upstream.

Mac requires the unicode flag to be set for cifs, even for the smb
echo request (which doesn't have strings).

Without this Mac rejects the periodic echo requests (when mounting
with cifs) that we use to check if server is down

Signed-off-by: Steve French <smfrench@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-20 14:27:01 +02:00
Andrey Ryabinin
7aad381af8 fs/block_dev: always invalidate cleancache in invalidate_bdev()
commit a5f6a6a9c72eac38a7fadd1a038532bc8516337c upstream.

invalidate_bdev() calls cleancache_invalidate_inode() iff ->nrpages != 0
which doen't make any sense.

Make sure that invalidate_bdev() always calls cleancache_invalidate_inode()
regardless of mapping->nrpages value.

Fixes: c515e1fd36 ("mm/fs: add hooks to support cleancache")
Link: http://lkml.kernel.org/r/20170424164135.22350-3-aryabinin@virtuozzo.com
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Acked-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Ross Zwisler <ross.zwisler@linux.intel.com>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Alexey Kuznetsov <kuznet@virtuozzo.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Nikolay Borisov <n.borisov.lkml@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-20 14:27:01 +02:00
Luis Henriques
bb7031c7e5 ceph: fix memory leak in __ceph_setxattr()
commit eeca958dce0a9231d1969f86196653eb50fcc9b3 upstream.

The ceph_inode_xattr needs to be released when removing an xattr.  Easily
reproducible running the 'generic/020' test from xfstests or simply by
doing:

  attr -s attr0 -V 0 /mnt/test && attr -r attr0 /mnt/test

While there, also fix the error path.

Here's the kmemleak splat:

unreferenced object 0xffff88001f86fbc0 (size 64):
  comm "attr", pid 244, jiffies 4294904246 (age 98.464s)
  hex dump (first 32 bytes):
    40 fa 86 1f 00 88 ff ff 80 32 38 1f 00 88 ff ff  @........28.....
    00 01 00 00 00 00 ad de 00 02 00 00 00 00 ad de  ................
  backtrace:
    [<ffffffff81560199>] kmemleak_alloc+0x49/0xa0
    [<ffffffff810f3e5b>] kmem_cache_alloc+0x9b/0xf0
    [<ffffffff812b157e>] __ceph_setxattr+0x17e/0x820
    [<ffffffff812b1c57>] ceph_set_xattr_handler+0x37/0x40
    [<ffffffff8111fb4b>] __vfs_removexattr+0x4b/0x60
    [<ffffffff8111fd37>] vfs_removexattr+0x77/0xd0
    [<ffffffff8111fdd1>] removexattr+0x41/0x60
    [<ffffffff8111fe65>] path_removexattr+0x75/0xa0
    [<ffffffff81120aeb>] SyS_lremovexattr+0xb/0x10
    [<ffffffff81564b20>] entry_SYSCALL_64_fastpath+0x13/0x94
    [<ffffffffffffffff>] 0xffffffffffffffff

Signed-off-by: Luis Henriques <lhenriques@suse.com>
Reviewed-by: "Yan, Zheng" <zyan@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-20 14:27:01 +02:00
Michal Hocko
eb04a7344c fs/xattr.c: zero out memory copied to userspace in getxattr
commit 81be3dee96346fbe08c31be5ef74f03f6b63cf68 upstream.

getxattr uses vmalloc to allocate memory if kzalloc fails.  This is
filled by vfs_getxattr and then copied to the userspace.  vmalloc,
however, doesn't zero out the memory so if the specific implementation
of the xattr handler is sloppy we can theoretically expose a kernel
memory.  There is no real sign this is really the case but let's make
sure this will not happen and use vzalloc instead.

Fixes: 779302e678 ("fs/xattr.c:getxattr(): improve handling of allocation failures")
Link: http://lkml.kernel.org/r/20170306103327.2766-1-mhocko@kernel.org
Acked-by: Kees Cook <keescook@chromium.org>
Reported-by: Vlastimil Babka <vbabka@suse.cz>
Signed-off-by: Michal Hocko <mhocko@suse.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-20 14:27:01 +02:00
Eric Biggers
a3e6be0e94 ext4: evict inline data when writing to memory map
commit 7b4cc9787fe35b3ee2dfb1c35e22eafc32e00c33 upstream.

Currently the case of writing via mmap to a file with inline data is not
handled.  This is maybe a rare case since it requires a writable memory
map of a very small file, but it is trivial to trigger with on
inline_data filesystem, and it causes the
'BUG_ON(ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA));' in
ext4_writepages() to be hit:

    mkfs.ext4 -O inline_data /dev/vdb
    mount /dev/vdb /mnt
    xfs_io -f /mnt/file \
	-c 'pwrite 0 1' \
	-c 'mmap -w 0 1m' \
	-c 'mwrite 0 1' \
	-c 'fsync'

	kernel BUG at fs/ext4/inode.c:2723!
	invalid opcode: 0000 [#1] SMP
	CPU: 1 PID: 2532 Comm: xfs_io Not tainted 4.11.0-rc1-xfstests-00301-g071d9acf3d1f #633
	Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-20170228_101828-anatol 04/01/2014
	task: ffff88003d3a8040 task.stack: ffffc90000300000
	RIP: 0010:ext4_writepages+0xc89/0xf8a
	RSP: 0018:ffffc90000303ca0 EFLAGS: 00010283
	RAX: 0000028410000000 RBX: ffff8800383fa3b0 RCX: ffffffff812afcdc
	RDX: 00000a9d00000246 RSI: ffffffff81e660e0 RDI: 0000000000000246
	RBP: ffffc90000303dc0 R08: 0000000000000002 R09: 869618e8f99b4fa5
	R10: 00000000852287a2 R11: 00000000a03b49f4 R12: ffff88003808e698
	R13: 0000000000000000 R14: 7fffffffffffffff R15: 7fffffffffffffff
	FS:  00007fd3e53094c0(0000) GS:ffff88003e400000(0000) knlGS:0000000000000000
	CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
	CR2: 00007fd3e4c51000 CR3: 000000003d554000 CR4: 00000000003406e0
	Call Trace:
	 ? _raw_spin_unlock+0x27/0x2a
	 ? kvm_clock_read+0x1e/0x20
	 do_writepages+0x23/0x2c
	 ? do_writepages+0x23/0x2c
	 __filemap_fdatawrite_range+0x80/0x87
	 filemap_write_and_wait_range+0x67/0x8c
	 ext4_sync_file+0x20e/0x472
	 vfs_fsync_range+0x8e/0x9f
	 ? syscall_trace_enter+0x25b/0x2d0
	 vfs_fsync+0x1c/0x1e
	 do_fsync+0x31/0x4a
	 SyS_fsync+0x10/0x14
	 do_syscall_64+0x69/0x131
	 entry_SYSCALL64_slow_path+0x25/0x25

We could try to be smart and keep the inline data in this case, or at
least support delayed allocation when allocating the block, but these
solutions would be more complicated and don't seem worthwhile given how
rare this case seems to be.  So just fix the bug by calling
ext4_convert_inline_data() when we're asked to make a page writable, so
that any inline data gets evicted, with the block allocated immediately.

Reported-by: Nick Alcock <nick.alcock@oracle.com>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-20 14:27:01 +02:00
Daniel Rosenberg
9516c5d5de ANDROID: sdcardfs: Move top to its own struct
Move top, and the associated data, to its own struct.
This way, we can properly track refcounts on top
without interfering with the inode's accounting.

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 38045152
Change-Id: I1968e480d966c3f234800b72e43670ca11e1d3fd
2017-05-16 18:31:17 -07:00
Greg Kroah-Hartman
285c13770a This is the 4.4.68 stable release
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlkYQIMACgkQONu9yGCS
 aT6lQRAAx+GV9h6oAE5s6ehb/soIXrgvq/veRM52HRpECKvNOjp8p7rf2V9jLKy4
 HV/6n5Q7CClHgKkyfSvFput6iMzzzJWHl2cCFwiZ3e7eq3yCzIV4+Px0CD9SH5S7
 ukYSdmR5zU5oOoMvbW9op1GlUvyNlCtBqWLkXAhopyAuFG7aqvjprPRoJXNVsDqy
 QooRFbGilztrLTKXvnKlz2y0CDxrrHERRdVwRCpzeOpN0rEDoJfdNO6IoXph5vDj
 T2ZWH8WmL+2RPDUFA3fQ2pRKSZribk7Bw4BUDZGNKnXYGSwBWS4r0+1UkCyXGRda
 gLLajv0EIciXvNglkvZ6mzlCcucyJu1mhjFwh778HlFdzvgayxaXQMqFN72OPF8K
 SRsEZnBs4QiflLf4kI9WjiIBAL2uIrP6p9dFq8yHs5yEzRWGtXyODfFYRBnhW7ka
 KbJ47j+MMYvjyu82W+Zzw7qKFXluzLdQKzmY1HUiqegQEtwqjDr/jOL+uC0CkSBb
 OWSmo9/JZUcKn40epenP+ojgDkhJVoKeN5Cy1vWeDUV1pWjK+ErZ5GQZ9F9fNuvV
 MNaFjgQy+bZ4MQ1TgetZzvDKVnNHvuDwKKX6yIK1PHSMsBI4f7M1KLfwDi5WeUmg
 BeF3wDSQEhLGFhiwn3UzhK6VGjfaRsXXv8AhrELrgpnhWkZkg/A=
 =czqa
 -----END PGP SIGNATURE-----

Merge 4.4.68 into android-4.4

Changes in 4.4.68
	9p: fix a potential acl leak
	ARM: 8452/3: PJ4: make coprocessor access sequences buildable in Thumb2 mode
	cpupower: Fix turbo frequency reporting for pre-Sandy Bridge cores
	powerpc/powernv: Fix opal_exit tracepoint opcode
	power: supply: bq24190_charger: Fix irq trigger to IRQF_TRIGGER_FALLING
	power: supply: bq24190_charger: Call set_mode_host() on pm_resume()
	power: supply: bq24190_charger: Install irq_handler_thread() at end of probe()
	power: supply: bq24190_charger: Call power_supply_changed() for relevant component
	power: supply: bq24190_charger: Don't read fault register outside irq_handle_thread()
	power: supply: bq24190_charger: Handle fault before status on interrupt
	leds: ktd2692: avoid harmless maybe-uninitialized warning
	ARM: OMAP5 / DRA7: Fix HYP mode boot for thumb2 build
	mwifiex: debugfs: Fix (sometimes) off-by-1 SSID print
	mwifiex: remove redundant dma padding in AMSDU
	mwifiex: Avoid skipping WEP key deletion for AP
	x86/ioapic: Restore IO-APIC irq_chip retrigger callback
	x86/pci-calgary: Fix iommu_free() comparison of unsigned expression >= 0
	clk: Make x86/ conditional on CONFIG_COMMON_CLK
	kprobes/x86: Fix kernel panic when certain exception-handling addresses are probed
	x86/platform/intel-mid: Correct MSI IRQ line for watchdog device
	Revert "KVM: nested VMX: disable perf cpuid reporting"
	KVM: nVMX: initialize PML fields in vmcs02
	KVM: nVMX: do not leak PML full vmexit to L1
	usb: host: ehci-exynos: Decrese node refcount on exynos_ehci_get_phy() error paths
	usb: host: ohci-exynos: Decrese node refcount on exynos_ehci_get_phy() error paths
	usb: chipidea: Only read/write OTGSC from one place
	usb: chipidea: Handle extcon events properly
	USB: serial: keyspan_pda: fix receive sanity checks
	USB: serial: digi_acceleport: fix incomplete rx sanity check
	USB: serial: ssu100: fix control-message error handling
	USB: serial: io_edgeport: fix epic-descriptor handling
	USB: serial: ti_usb_3410_5052: fix control-message error handling
	USB: serial: ark3116: fix open error handling
	USB: serial: ftdi_sio: fix latency-timer error handling
	USB: serial: quatech2: fix control-message error handling
	USB: serial: mct_u232: fix modem-status error handling
	USB: serial: io_edgeport: fix descriptor error handling
	phy: qcom-usb-hs: Add depends on EXTCON
	serial: 8250_omap: Fix probe and remove for PM runtime
	scsi: mac_scsi: Fix MAC_SCSI=m option when SCSI=m
	MIPS: R2-on-R6 MULTU/MADDU/MSUBU emulation bugfix
	brcmfmac: Ensure pointer correctly set if skb data location changes
	brcmfmac: Make skb header writable before use
	staging: wlan-ng: add missing byte order conversion
	staging: emxx_udc: remove incorrect __init annotations
	ALSA: hda - Fix deadlock of controller device lock at unbinding
	tcp: do not underestimate skb->truesize in tcp_trim_head()
	bpf, arm64: fix jit branch offset related to ldimm64
	tcp: fix wraparound issue in tcp_lp
	tcp: do not inherit fastopen_req from parent
	ipv4, ipv6: ensure raw socket message is big enough to hold an IP header
	rtnetlink: NUL-terminate IFLA_PHYS_PORT_NAME string
	ipv6: initialize route null entry in addrconf_init()
	ipv6: reorder ip6_route_dev_notifier after ipv6_dev_notf
	bnxt_en: allocate enough space for ->ntp_fltr_bmap
	f2fs: sanity check segment count
	drm/ttm: fix use-after-free races in vm fault handling
	block: get rid of blk_integrity_revalidate()
	Linux 4.4.68

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2017-05-15 09:25:05 +02:00
Ilya Dryomov
4a4c6a0890 block: get rid of blk_integrity_revalidate()
commit 19b7ccf8651df09d274671b53039c672a52ad84d upstream.

Commit 25520d55cd ("block: Inline blk_integrity in struct gendisk")
introduced blk_integrity_revalidate(), which seems to assume ownership
of the stable pages flag and unilaterally clears it if no blk_integrity
profile is registered:

    if (bi->profile)
            disk->queue->backing_dev_info->capabilities |=
                    BDI_CAP_STABLE_WRITES;
    else
            disk->queue->backing_dev_info->capabilities &=
                    ~BDI_CAP_STABLE_WRITES;

It's called from revalidate_disk() and rescan_partitions(), making it
impossible to enable stable pages for drivers that support partitions
and don't use blk_integrity: while the call in revalidate_disk() can be
trivially worked around (see zram, which doesn't support partitions and
hence gets away with zram_revalidate_disk()), rescan_partitions() can
be triggered from userspace at any time.  This breaks rbd, where the
ceph messenger is responsible for generating/verifying CRCs.

Since blk_integrity_{un,}register() "must" be used for (un)registering
the integrity profile with the block layer, move BDI_CAP_STABLE_WRITES
setting there.  This way drivers that call blk_integrity_register() and
use integrity infrastructure won't interfere with drivers that don't
but still want stable pages.

Fixes: 25520d55cd ("block: Inline blk_integrity in struct gendisk")
Cc: "Martin K. Petersen" <martin.petersen@oracle.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Mike Snitzer <snitzer@redhat.com>
Tested-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
[idryomov@gmail.com: backport to < 4.11: bdi is embedded in queue]
Signed-off-by: Jens Axboe <axboe@fb.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-14 13:32:59 +02:00
Jin Qian
4edbdf57bc f2fs: sanity check segment count
commit b9dd46188edc2f0d1f37328637860bb65a771124 upstream.

F2FS uses 4 bytes to represent block address. As a result, supported
size of disk is 16 TB and it equals to 16 * 1024 * 1024 / 2 segments.

Signed-off-by: Jin Qian <jinqian@google.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-14 13:32:59 +02:00
Cong Wang
436188eb04 9p: fix a potential acl leak
commit b5c66bab72a6a65edb15beb60b90d3cb84c5763b upstream.

posix_acl_update_mode() could possibly clear 'acl', if so we leak the
memory pointed by 'acl'.  Save this pointer before calling
posix_acl_update_mode() and release the memory if 'acl' really gets
cleared.

Link: http://lkml.kernel.org/r/1486678332-2430-1-git-send-email-xiyou.wangcong@gmail.com
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Reported-by: Mark Salyzyn <salyzyn@android.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Reviewed-by: Greg Kurz <groug@kaod.org>
Cc: Eric Van Hensbergen <ericvh@gmail.com>
Cc: Ron Minnich <rminnich@sandia.gov>
Cc: Latchesar Ionkov <lucho@ionkov.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-14 13:32:54 +02:00
Gao Xiang
21ade37258 ANDROID: sdcardfs: fix sdcardfs_destroy_inode for the inode RCU approach
According to the following commits,
fs: icache RCU free inodes
vfs: fix the stupidity with i_dentry in inode destructors

sdcardfs_destroy_inode should be fixed for the fast path safety.

Signed-off-by: Gao Xiang <gaoxiang25@huawei.com>
Change-Id: I84f43c599209d23737c7e28b499dd121cb43636d
2017-05-10 17:48:26 +00:00
Daniel Roseberg
907e828e01 ANDROID: sdcardfs: Don't iput if we didn't igrab
If we fail to get top, top is either NULL, or igrab found
that we're in the process of freeing that inode, and did
not grab it. Either way, we didn't grab it, and have no
business putting it.

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 38117720
Change-Id: Ie2f587483b9abb5144263156a443e89bc69b767b
2017-05-09 15:52:14 -07:00
Greg Kroah-Hartman
9796ea8fa0 This is the 4.4.67 stable release
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlkQBi8ACgkQONu9yGCS
 aT5mYw//RVlRt1Ah4vIjj1Gn/CGV9fQeYenHiheZl/rGwa+8Hnq2phkEnOuvnaX7
 +Hi/MEyeSbb27mtrl0C1C7lfJhhEqXafMiMV5SMmvIjgVmfTXw09wzr/JPgTYmPa
 ri5RwfQ2/R+lSbOX6dggP48RrCGuybKFdwE2o+912wRvBoV2WvrwX3FbvPgwXr25
 96c+Ansz3eb9+b0hATQ1sz8dAcWaCmk/NtNxUYgjHVrV0nRhTVccAk04soOmuOBt
 Xm1dVaOEt9w9yh8vIu8KgtaJfWI93TT/L77jDNCzUAsMcMWsiuw1FPwFF5Kcxvlt
 +0vS4q187FWgCbM8ul79WvmqIOeE9lP8iB7Ea3aiknRDoIn0E7xcuCAO8lLDwRsP
 J/MLeNCWymIouNHPZuPlWrC7t/FZJbzs3Z1BjvB2mGwZrTQrEsT16AgcOr9QTxvb
 1vfFFMAW8efAES2UszV8SPon5ZCnLlsBXNDg0RezoenzAXg6yXHE8IIRPkV6KpdV
 crd5DZp3+2M/ErqZERvy1lpd3k4LyPhJm+EtgRgtVWe8IxuohlD3qXr6L+cugtzX
 vp/e0/hkgJLJdHpu1WwCldY8W0EHZndVv/M6qr/TREFFL5Py5f8LWlKsBXJN/p6E
 WjGzu2Iv5uCSo/1UDrUSFZeMFEgpB/D3sGgyEFCOvn6Fv/wxQ8E=
 =tdc4
 -----END PGP SIGNATURE-----

Merge 4.4.67 into android-4.4

Changes in 4.4.67:
	timerfd: Protect the might cancel mechanism proper
	Handle mismatched open calls
	ASoC: intel: Fix PM and non-atomic crash in bytcr drivers
	ALSA: ppc/awacs: shut up maybe-uninitialized warning
	drbd: avoid redefinition of BITS_PER_PAGE
	mtd: avoid stack overflow in MTD CFI code
	net: tg3: avoid uninitialized variable warning
	scsi: cxlflash: Scan host only after the port is ready for I/O
	scsi: cxlflash: Fix to avoid EEH and host reset collisions
	scsi: cxlflash: Improve EEH recovery time
	8250_pci: Fix potential use-after-free in error path
	netlink: Allow direct reclaim for fallback allocation
	IB/qib: rename BITS_PER_PAGE to RVT_BITS_PER_PAGE
	IB/ehca: fix maybe-uninitialized warnings
	ext4: require encryption feature for EXT4_IOC_SET_ENCRYPTION_POLICY
	ext4 crypto: revalidate dentry after adding or removing the key
	ext4 crypto: use dget_parent() in ext4_d_revalidate()
	ext4/fscrypto: avoid RCU lookup in d_revalidate
	nfsd4: minor NFSv2/v3 write decoding cleanup
	nfsd: stricter decoding of write-like NFSv2/v3 ops
	dm ioctl: prevent stack leak in dm ioctl call
	Linux 4.4.67

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2017-05-08 09:55:31 +02:00
J. Bruce Fields
da1ce38aaa nfsd: stricter decoding of write-like NFSv2/v3 ops
commit 13bf9fbff0e5e099e2b6f003a0ab8ae145436309 upstream.

The NFSv2/v3 code does not systematically check whether we decode past
the end of the buffer.  This generally appears to be harmless, but there
are a few places where we do arithmetic on the pointers involved and
don't account for the possibility that a length could be negative.  Add
checks to catch these.

Reported-by: Tuomas Haanpää <thaan@synopsys.com>
Reported-by: Ari Kauppi <ari@synopsys.com>
Reviewed-by: NeilBrown <neilb@suse.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-08 07:46:02 +02:00
J. Bruce Fields
35e13333c2 nfsd4: minor NFSv2/v3 write decoding cleanup
commit db44bac41bbfc0c0d9dd943092d8bded3c9db19b upstream.

Use a couple shortcuts that will simplify a following bugfix.

(Minor backporting required to account for a change from f34b95689d
"The NFSv2/NFSv3 server does not handle zero length WRITE requests
correctly".)

Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-08 07:46:02 +02:00
Jaegeuk Kim
16fb859f9b ext4/fscrypto: avoid RCU lookup in d_revalidate
commit 03a8bb0e53d9562276045bdfcf2b5de2e4cff5a1 upstream.

As Al pointed, d_revalidate should return RCU lookup before using d_inode.
This was originally introduced by:
commit 34286d6662 ("fs: rcu-walk aware d_revalidate method").

Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Cc: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-08 07:46:02 +02:00
Theodore Ts'o
41948f88a5 ext4 crypto: use dget_parent() in ext4_d_revalidate()
commit 3d43bcfef5f0548845a425365011c499875491b0 upstream.

This avoids potential problems caused by a race where the inode gets
renamed out from its parent directory and the parent directory is
deleted while ext4_d_revalidate() is running.

Fixes: 28b4c263961c
Reported-by: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-08 07:46:02 +02:00
Theodore Ts'o
2faff9d1df ext4 crypto: revalidate dentry after adding or removing the key
commit 28b4c263961c47da84ed8b5be0b5116bad1133eb upstream.

Add a validation check for dentries for encrypted directory to make
sure we're not caching stale data after a key has been added or removed.

Also check to make sure that status of the encryption key is updated
when readdir(2) is executed.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-08 07:46:02 +02:00
Richard Weinberger
e2968fb8e7 ext4: require encryption feature for EXT4_IOC_SET_ENCRYPTION_POLICY
commit 9a200d075e5d05be1fcad4547a0f8aee4e2f9a04 upstream.

...otherwise an user can enable encryption for certain files even
when the filesystem is unable to support it.
Such a case would be a filesystem created by mkfs.ext4's default
settings, 1KiB block size. Ext4 supports encyption only when block size
is equal to PAGE_SIZE.
But this constraint is only checked when the encryption feature flag
is set.

Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-08 07:46:02 +02:00
Sachin Prabhu
6c106b55eb Handle mismatched open calls
commit 38bd49064a1ecb67baad33598e3d824448ab11ec upstream.

A signal can interrupt a SendReceive call which result in incoming
responses to the call being ignored. This is a problem for calls such as
open which results in the successful response being ignored. This
results in an open file resource on the server.

The patch looks into responses which were cancelled after being sent and
in case of successful open closes the open fids.

For this patch, the check is only done in SendReceive2()

RH-bz: 1403319

Signed-off-by: Sachin Prabhu <sprabhu@redhat.com>
Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
Acked-by: Sachin Prabhu <sprabhu@redhat.com>
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-08 07:46:01 +02:00
Thomas Gleixner
911bd54922 timerfd: Protect the might cancel mechanism proper
commit 1e38da300e1e395a15048b0af1e5305bd91402f6 upstream.

The handling of the might_cancel queueing is not properly protected, so
parallel operations on the file descriptor can race with each other and
lead to list corruptions or use after free.

Protect the context for these operations with a seperate lock.

The wait queue lock cannot be reused for this because that would create a
lock inversion scenario vs. the cancel lock. Replacing might_cancel with an
atomic (atomic_t or atomic bit) does not help either because it still can
race vs. the actual list operation.

Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: "linux-fsdevel@vger.kernel.org"
Cc: syzkaller <syzkaller@googlegroups.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: linux-fsdevel@vger.kernel.org
Link: http://lkml.kernel.org/r/alpine.DEB.2.20.1701311521430.3457@nanos
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-08 07:46:01 +02:00
Greg Kroah-Hartman
24ac44dc5c This is the 4.4.66 stable release
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlkJWpMACgkQONu9yGCS
 aT7guA/+JdSobjlRUshtcbUGVEwMjSuNFkZEpeTUWxxkrnNVPnIefP4jcCXEctvL
 OxY4TxtvCQO/m+4Yx0ImVkcPBajd55OWiV90fZ0khVwu+4abLPgizj9lUhrXmmGV
 LZjRyurtYFAwoGCvNsPE8NHxf923SFB8j1og0dEmoFGrH4tI+K5A9KPYKaYASU9Q
 uT5rQMU0YrZBvJYzTc9DNKWHD4ekLzn7o/ORodFwQVC7pdQdGpOCq3Ap+LZbtYnn
 146ziEfycRBSt3x9kYf7gztdGLv4tLZJJv7McI6qfX8+Vrt+Wgy4ObSblmTl57RH
 4WAxed2gZ8NW+fnSJZFR8iomRBu1dsyyTESSt1lCEC6i29ardQip5y4/yGLaBtiJ
 nbcUp1Ld+twQYm0p1UMJVo0DUE6xcrwnCoNyhkGzz1XfdQQwvFCaq30PlsjKxI6E
 X/1rRfuICH2dmIn1ziiCb8qBBjHvKbZY5Mg7W8s6E12yIGKuY08m3KaimSMdWt1D
 jKUKMGD9AunC2l4OAGggObMoTG5SaGSSDr8yPG9QxVvD0AvpnpSEFJ8PIi5O7JiB
 jcFNZawAljzIf0VYGrbGAzbrijiaan/WHm3va7U7K1JzIdFzbOlUANpJLhBR70Mb
 Gc3GEcdMflqJUJ6lapEaaFyC8qPjNI5Ks0/7ER0pgTICBoFVSyg=
 =eMmm
 -----END PGP SIGNATURE-----

Merge 4.4.66 into android-4.4

Changes in 4.4.66:
	f2fs: do more integrity verification for superblock
	xc2028: unlock on error in xc2028_set_config()
	ARM: OMAP2+: timer: add probe for clocksources
	clk: sunxi: Add apb0 gates for H3
	crypto: testmgr - fix out of bound read in __test_aead()
	drm/amdgpu: fix array out of bounds
	ext4: check if in-inode xattr is corrupted in ext4_expand_extra_isize_ea()
	md:raid1: fix a dead loop when read from a WriteMostly disk
	MIPS: Fix crash registers on non-crashing CPUs
	net: cavium: liquidio: Avoid dma_unmap_single on uninitialized ndata
	net_sched: close another race condition in tcf_mirred_release()
	RDS: Fix the atomicity for congestion map update
	regulator: core: Clear the supply pointer if enabling fails
	usb: gadget: f_midi: Fixed a bug when buflen was smaller than wMaxPacketSize
	xen/x86: don't lose event interrupts
	sparc64: kern_addr_valid regression
	sparc64: Fix kernel panic due to erroneous #ifdef surrounding pmd_write()
	net: neigh: guard against NULL solicit() method
	net: phy: handle state correctly in phy_stop_machine
	l2tp: purge socket queues in the .destruct() callback
	net/packet: fix overflow in check for tp_frame_nr
	net/packet: fix overflow in check for tp_reserve
	l2tp: take reference on sessions being dumped
	l2tp: fix PPP pseudo-wire auto-loading
	net: ipv4: fix multipath RTM_GETROUTE behavior when iif is given
	sctp: listen on the sock only when it's state is listening or closed
	tcp: clear saved_syn in tcp_disconnect()
	dp83640: don't recieve time stamps twice
	net: ipv6: RTF_PCPU should not be settable from userspace
	netpoll: Check for skb->queue_mapping
	ip6mr: fix notification device destruction
	macvlan: Fix device ref leak when purging bc_queue
	ipv6: check skb->protocol before lookup for nexthop
	ipv6: check raw payload size correctly in ioctl
	ALSA: firewire-lib: fix inappropriate assignment between signed/unsigned type
	ALSA: seq: Don't break snd_use_lock_sync() loop by timeout
	MIPS: KGDB: Use kernel context for sleeping threads
	MIPS: Avoid BUG warning in arch_check_elf
	p9_client_readdir() fix
	Input: i8042 - add Clevo P650RS to the i8042 reset list
	nfsd: check for oversized NFSv2/v3 arguments
	ARCv2: save r30 on kernel entry as gcc uses it for code-gen
	ftrace/x86: Fix triple fault with graph tracing and suspend-to-ram
	Linux 4.4.66

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2017-05-03 08:50:11 -07:00
J. Bruce Fields
82a0d8aabe nfsd: check for oversized NFSv2/v3 arguments
commit e6838a29ecb484c97e4efef9429643b9851fba6e upstream.

A client can append random data to the end of an NFSv2 or NFSv3 RPC call
without our complaining; we'll just stop parsing at the end of the
expected data and ignore the rest.

Encoded arguments and replies are stored together in an array of pages,
and if a call is too large it could leave inadequate space for the
reply.  This is normally OK because NFS RPC's typically have either
short arguments and long replies (like READ) or long arguments and short
replies (like WRITE).  But a client that sends an incorrectly long reply
can violate those assumptions.  This was observed to cause crashes.

Also, several operations increment rq_next_page in the decode routine
before checking the argument size, which can leave rq_next_page pointing
well past the end of the page array, causing trouble later in
svc_free_pages.

So, following a suggestion from Neil Brown, add a central check to
enforce our expectation that no NFSv2/v3 call has both a large call and
a large reply.

As followup we may also want to rewrite the encoding routines to check
more carefully that they aren't running off the end of the page array.

We may also consider rejecting calls that have any extra garbage
appended.  That would be safer, and within our rights by spec, but given
the age of our server and the NFS protocol, and the fact that we've
never enforced this before, we may need to balance that against the
possibility of breaking some oddball client.

Reported-by: Tuomas Haanpää <thaan@synopsys.com>
Reported-by: Ari Kauppi <ari@synopsys.com>
Reviewed-by: NeilBrown <neilb@suse.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-02 21:19:56 -07:00
Theodore Ts'o
28320756e7 ext4: check if in-inode xattr is corrupted in ext4_expand_extra_isize_ea()
commit 9e92f48c34eb2b9af9d12f892e2fe1fce5e8ce35 upstream.

We aren't checking to see if the in-inode extended attribute is
corrupted before we try to expand the inode's extra isize fields.

This can lead to potential crashes caused by the BUG_ON() check in
ext4_xattr_shift_entries().

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: Julia Lawall <julia.lawall@lip6.fr>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-02 21:19:48 -07:00
Chao Yu
716bcfeb12 f2fs: do more integrity verification for superblock
commit 9a59b62fd88196844cee5fff851bee2cfd7afb6e upstream.

Do more sanity check for superblock during ->mount.

Signed-off-by: Chao Yu <chao2.yu@samsung.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-02 21:19:47 -07:00
Greg Kroah-Hartman
e4528dd775 This is the 4.4.65 stable release
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlkFXvsACgkQONu9yGCS
 aT6kPg//QqrRCxSUBYahQ1Jp16AVLiEWjJ3umzBhGGSPn7FfsWF8951R1WBHGlFI
 lEUa3Pfi0U1sh0q4v6pTmQ/AYoa67DcKorxQegH9JoaRp0IvWpSaGMSfbmKP5pDl
 PQyRL6DmOFkf/6X0dvby5ybbt2Kp59zTm8RFeFLRo3LTUK30w/tBTVvouk+UW3KA
 KtjeL70OSOHgWoHXhNWDX1JTTBGFFTI2x0jlFeUtq10t2kRxAMDZpB/IY0VJ3ZTe
 iso6+hC8JyzsXUYP82ZfZ7BAv/hSWBV3ErHyrUmhqWfE/Px7PFEeo3OyG3Bqosu6
 aZW78jwFoqZcAhkVTQepWMHonUT+XLHUgCzc2MqFR4HW6JoQhKDdIqlt1Lqp6y1O
 XsYOrPU1WqHhyoO9E3YwmAIjlYBHxYSUiCnqI9WtvvExJUhXXk/wwzgXUFrZPD01
 berofViH2LJAxde0sqpidpNRg98m+MAK47M03I/tZUUykjGDi8NPTvM4FBbNCEty
 3qaVVCUm7o8YzZg54QF61O+ciceoQdnsQJVy94EV3n2pgdN/7pG0v1KikBRKfsPK
 1Wp+l0tdLkms56ElXyt/lHtF5Pre5i4sE6SdnZa3RHTUV168PFVYqJUCqWRwCD50
 QMs+yLvRHwCFst+ix29Xn+c7KYKcMyqPvCrI8oczfokV/tvMVd8=
 =1GiA
 -----END PGP SIGNATURE-----

Merge 4.4.65 into android-4.4

Changes in 4.4.65:
	tipc: make sure IPv6 header fits in skb headroom
	tipc: make dist queue pernet
	tipc: re-enable compensation for socket receive buffer double counting
	tipc: correct error in node fsm
	tty: nozomi: avoid a harmless gcc warning
	hostap: avoid uninitialized variable use in hfa384x_get_rid
	gfs2: avoid uninitialized variable warning
	tipc: fix random link resets while adding a second bearer
	tipc: fix socket timer deadlock
	mnt: Add a per mount namespace limit on the number of mounts
	xc2028: avoid use after free
	netfilter: nfnetlink: correctly validate length of batch messages
	tipc: check minimum bearer MTU
	vfio/pci: Fix integer overflows, bitmask check
	staging/android/ion : fix a race condition in the ion driver
	ping: implement proper locking
	perf/core: Fix concurrent sys_perf_event_open() vs. 'move_group' race
	Linux 4.4.65

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2017-04-30 07:30:52 +02:00
Eric W. Biederman
c50fd34e10 mnt: Add a per mount namespace limit on the number of mounts
commit d29216842a85c7970c536108e093963f02714498 upstream.

CAI Qian <caiqian@redhat.com> pointed out that the semantics
of shared subtrees make it possible to create an exponentially
increasing number of mounts in a mount namespace.

    mkdir /tmp/1 /tmp/2
    mount --make-rshared /
    for i in $(seq 1 20) ; do mount --bind /tmp/1 /tmp/2 ; done

Will create create 2^20 or 1048576 mounts, which is a practical problem
as some people have managed to hit this by accident.

As such CVE-2016-6213 was assigned.

Ian Kent <raven@themaw.net> described the situation for autofs users
as follows:

> The number of mounts for direct mount maps is usually not very large because of
> the way they are implemented, large direct mount maps can have performance
> problems. There can be anywhere from a few (likely case a few hundred) to less
> than 10000, plus mounts that have been triggered and not yet expired.
>
> Indirect mounts have one autofs mount at the root plus the number of mounts that
> have been triggered and not yet expired.
>
> The number of autofs indirect map entries can range from a few to the common
> case of several thousand and in rare cases up to between 30000 and 50000. I've
> not heard of people with maps larger than 50000 entries.
>
> The larger the number of map entries the greater the possibility for a large
> number of active mounts so it's not hard to expect cases of a 1000 or somewhat
> more active mounts.

So I am setting the default number of mounts allowed per mount
namespace at 100,000.  This is more than enough for any use case I
know of, but small enough to quickly stop an exponential increase
in mounts.  Which should be perfect to catch misconfigurations and
malfunctioning programs.

For anyone who needs a higher limit this can be changed by writing
to the new /proc/sys/fs/mount-max sysctl.

Tested-by: CAI Qian <caiqian@redhat.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
[bwh: Backported to 4.4: adjust context]
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-04-30 05:49:28 +02:00
Arnd Bergmann
d39cb4a597 gfs2: avoid uninitialized variable warning
commit 67893f12e5374bbcaaffbc6e570acbc2714ea884 upstream.

We get a bogus warning about a potential uninitialized variable
use in gfs2, because the compiler does not figure out that we
never use the leaf number if get_leaf_nr() returns an error:

fs/gfs2/dir.c: In function 'get_first_leaf':
fs/gfs2/dir.c:802:9: warning: 'leaf_no' may be used uninitialized in this function [-Wmaybe-uninitialized]
fs/gfs2/dir.c: In function 'dir_split_leaf':
fs/gfs2/dir.c:1021:8: warning: 'leaf_no' may be used uninitialized in this function [-Wmaybe-uninitialized]

Changing the 'if (!error)' to 'if (!IS_ERR_VALUE(error))' is
sufficient to let gcc understand that this is exactly the same
condition as in IS_ERR() so it can optimize the code path enough
to understand it.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-04-30 05:49:28 +02:00
Jin Qian
3f0531e577 BACKPORT: f2fs: sanity check log_blocks_per_seg
f2fs currently only supports 4KB block size and 2MB segment size.
Sanity check log_blocks_per_seg == 9, i.e. 2MB/4KB = (1 << 9)

Partially
(cherry-picked from commit 9a59b62fd88196844cee5fff851bee2cfd7afb6e)

f2fs: do more integrity verification for superblock
    
Do more sanity check for superblock during ->mount.
    
Signed-off-by: Chao Yu <chao2.yu@samsung.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>

Bug: 36817013
Change-Id: I0be52e54fba82083068337ceb9f7ad985a87319f
Signed-off-by: Jin Qian <jinqian@google.com>
2017-04-27 18:10:16 +00:00
Greg Kroah-Hartman
e9cf0f69b7 This is the 4.4.64 stable release
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlkBmUYACgkQONu9yGCS
 aT6uOBAAvOVUjBIwkaYoy1/Pk2ynZXXIoiBUA6Ti3LaUEPT44zVcfG6CwOKxxUsb
 huIxAg8tGDXN0I41YrLZEG/Ju3ommWyjZQ+RWZA/W3an+2y6oz2BXNnBlePTpyts
 9EWknm61cm6rqcA9y0himDdGjtuM/F6g2vTLboCZnc0IYlwh2TG9tvBn5gcHlVyA
 1mlGCzAxBKf6ttIOKtan4LxssW0jO+e0w+W4mPrAsUViJFSnMHAY1csKQiT62r+Y
 aBNrNIFSMKKSz1a2slOgf1GihaCIL9HnrTlBUcIQkxXyjawNms4ENj9lBy4fJZao
 74eU6aVBvKbE2175PI/Ub90OvtbOI83EzmBgqkVgHSBXzCaPOScnDAnMlwlW3vhW
 5lQU1eN4jtL6FuMi565mXQ8G4RP7PzuWrLfT9rrAaR/rqC54tY882FGjL2KCqzpd
 IVLhKSDg5iqB2JrnNS/GEzJd6Y024EMYGytp+jcDkczfbUHguxfmUNkbrh8sOMSi
 leMS/Z+FN6kc4bvF55NsvwW2n8XNn5Om/TWcXNdGtxvBsk6PD2W6+Bo+Tq7NotNf
 aOuJFQHxBLqfA9LO6UjZMQGfTdfweZ+fAMaGH/X55+GCExLuTTkvfHxerleYFSw8
 FNS+wCn1e+RonHUw2tztE4kfPY2kJ6JkILxzGe/1pC6kv0HDzsA=
 =7UnS
 -----END PGP SIGNATURE-----

Merge 4.4.64 into android-4.4

Changes in 4.4.64:
	KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings
	KEYS: Change the name of the dead type to ".dead" to prevent user access
	KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings
	tracing: Allocate the snapshot buffer before enabling probe
	ring-buffer: Have ring_buffer_iter_empty() return true when empty
	cifs: Do not send echoes before Negotiate is complete
	CIFS: remove bad_network_name flag
	s390/mm: fix CMMA vs KSM vs others
	Drivers: hv: don't leak memory in vmbus_establish_gpadl()
	Drivers: hv: get rid of timeout in vmbus_open()
	Drivers: hv: vmbus: Reduce the delay between retries in vmbus_post_msg()
	VSOCK: Detach QP check should filter out non matching QPs.
	Input: elantech - add Fujitsu Lifebook E547 to force crc_enabled
	ACPI / power: Avoid maybe-uninitialized warning
	mmc: sdhci-esdhc-imx: increase the pad I/O drive strength for DDR50 card
	mac80211: reject ToDS broadcast data frames
	ubi/upd: Always flush after prepared for an update
	powerpc/kprobe: Fix oops when kprobed on 'stdu' instruction
	x86/mce/AMD: Give a name to MCA bank 3 when accessed with legacy MSRs
	kvm: arm/arm64: Fix locking for kvm_free_stage2_pgd
	Tools: hv: kvp: ensure kvp device fd is closed on exec
	Drivers: hv: balloon: keep track of where ha_region starts
	Drivers: hv: balloon: account for gaps in hot add regions
	hv: don't reset hv_context.tsc_page on crash
	x86, pmem: fix broken __copy_user_nocache cache-bypass assumptions
	block: fix del_gendisk() vs blkdev_ioctl crash
	tipc: fix crash during node removal
	Linux 4.4.64

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2017-04-27 10:07:57 +02:00
Germano Percossi
859d615b5b CIFS: remove bad_network_name flag
commit a0918f1ce6a43ac980b42b300ec443c154970979 upstream.

STATUS_BAD_NETWORK_NAME can be received during node failover,
causing the flag to be set and making the reconnect thread
always unsuccessful, thereafter.

Once the only place where it is set is removed, the remaining
bits are rendered moot.

Removing it does not prevent "mount" from failing when a non
existent share is passed.

What happens when the share really ceases to exist while the
share is mounted is undefined now as much as it was before.

Signed-off-by: Germano Percossi <germano.percossi@citrix.com>
Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
Signed-off-by: Steve French <smfrench@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-04-27 09:09:32 +02:00
Sachin Prabhu
f8fe51c865 cifs: Do not send echoes before Negotiate is complete
commit 62a6cfddcc0a5313e7da3e8311ba16226fe0ac10 upstream.

commit 4fcd1813e640 ("Fix reconnect to not defer smb3 session reconnect
long after socket reconnect") added support for Negotiate requests to
be initiated by echo calls.

To avoid delays in calling echo after a reconnect, I added the patch
introduced by the commit b8c600120fc8 ("Call echo service immediately
after socket reconnect").

This has however caused a regression with cifs shares which do not have
support for echo calls to trigger Negotiate requests. On connections
which need to call Negotiation, the echo calls trigger an error which
triggers a reconnect which in turn triggers another echo call. This
results in a loop which is only broken when an operation is performed on
the cifs share. For an idle share, it can DOS a server.

The patch uses the smb_operation can_echo() for cifs so that it is
called only if connection has been already been setup.

kernel bz: 194531

Signed-off-by: Sachin Prabhu <sprabhu@redhat.com>
Tested-by: Jonathan Liu <net147@gmail.com>
Acked-by: Pavel Shilovsky <pshilov@microsoft.com>
Signed-off-by: Steve French <smfrench@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-04-27 09:09:31 +02:00
Daniel Rosenberg
b878b26010 ANDROID: sdcardfs: Call lower fs's revalidate
We should be calling the lower filesystem's revalidate
inside of sdcardfs's revalidate, as wrapfs does.

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 35766959
Change-Id: I939d1c4192fafc1e21678aeab43fe3d588b8e2f4
2017-04-26 16:56:28 -07:00